Get Involved
Query: Ensure that a default customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets
Description
BigQuery by default encrypts the data as rest by employing Envelope Encryption using Google managed cryptographic keys. The data is encrypted using the data encryption keys and data encryption keys themselves are further encrypted using key encryption keys. This is seamless and does not require any additional input from the user. However, if you want to have greater control, Customer-managed encryption keys (CMEK) can be used as encryption key management solutions for BigQuery Data Sets.
Query
Tables used in this query:
Controls using this query:
- 7.3 Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets
- 7.3 Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets
- 7.3 Ensure that a Default Customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets
- 7.3 Ensure That a Default Customer-Managed Encryption Key (CMEK) Is Specified for All BigQuery Data Sets
- Ensure that a default customer-managed encryption key (CMEK) is specified for all BigQuery Data Sets